Skip to main content
close search
site logo
Dive Brief

Microsoft to extend California data privacy law across state lines

Published Nov. 12, 2019
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Ryan McKnight for CIO Dive

Dive Brief:

  • With the impending Jan. 1, 2020 enactment of the California Consumer Privacy Act (CCPA), Microsoft is applying the law to every U.S. customer, not just California residents, said Julie Brill, corporate VP for Global Privacy and Regulatory Affairs and Chief Privacy Officer at Microsoft, in an announcement
  • The CCPA requires transparency regarding data collection and use, as well as the right to opt out of data sales. As "exactly what will be required under CCPA to accomplish these goals is still developing," Microsoft will make changes accordingly as they are finalized, said Brill. 
  • The company will also help its enterprise customers become CCPA compliant, providing the tools necessary for the law's transparency requirements, according to the announcement. 

Dive Insight:

Digital giants, including Apple and Google, thrive off of disruption and are typically at the "pinnacle" of personalization. But personalization comes at a price: consumer data. 

As the tech industry waits with bated breath for an unlikely federal data privacy law, Microsoft's actions are meant to "demonstrate our commitment in the absence of Congressional action," said Brill. 

Before the EU's GDPR went into effect in May 2018, Microsoft pledged its commitment to extend the regulations to customers beyond the EU. The decision to do so was voluntary.

Because of this, customers already covered by Microsoft's GDPR application will likely find their rights are "stronger" than the CCPA, said Brill. 

Core differences between GDPR and the CCPA include the definition of a consumer. GDPR gives rights to data subjects, or "identified or identifiable natural person," according to the Future of Privacy Forum (FPF). The CCPA recognizes a consumer as a "natural person who is a California resident."

GDPR also applies to controllers, or a "natural or legal persons ... whether their activity is for profit or not" and processors, which are "entities that process personal data on behalf of controllers, according to FPF. The CCPA is for a business that is for-profit, collects consumer data, does business in California and has an annual gross revenue that exceeds $25 million. 

Companies that ingrain privacy into their core values are more desirable for customers to do business with, according to Bart Willemsen, VP analyst at Gartner, during the IT Symposium/Xpo in Orlando, Florida last month. It makes them more trustworthy. It's also a way for Microsoft to be ahead of the game when it comes to privacy legislation, something it's already involved in

In its home state, Washington, Microsoft supported an initial draft of a privacy bill, which later failed. Microsoft took the stance that customers should not have to manually opt out of data transactions, but rather it is the duty of tech companies to carry the burden of data privacy.

Advocacy groups, including the American Civil Liberties Union (ACLU), said the bill failed to wholly protect consumers, in part, because it was written by "technology companies themselves."

Recommended Reading

Filed Under: Corporate

Editors' picks

Company Announcements

View all | Post a press release
Viz.ai Wins Prestigious Prix Galien USA Award for Best Digital Health Solution
From Viz.ai
November 12, 2024
DigiCert Welcomes Lakshmi Hanspal as New Chief Trust Officer
From DigiCert
October 24, 2024
Traceable Releases 2025 State of API Security Report: API Breaches Persist as Fraud, Bot Attac…
From Traceable AI
October 30, 2024
Blackpoint Cyber Launches Global Partner Program and Enablement Platform Emphasizing a Focus o…
From Blackpoint Cyber
October 30, 2024
Editors' picks
Latest in Corporate
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell